<?php
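session_start();
require_once 'php_includes.php';

// Add-manager handler: checks that the logged-in user is a manager, re-verifies
// their password, then inserts a new Employee row from the submitted form.
// checkLogin(), sqlConnect(), sqlQuery() and sqlExit() come from php_includes.php.

// Make sure logged in
checkLogin();

///////////////////////////////////
// This is only for manager only pages
// NOTE(review): this state-changing request is accepted without any anti-CSRF
// token check on this page; the verPass re-authentication is the only barrier.
sqlConnect();

// Every value placed into SQL below is quoted and escaped instead of being
// concatenated raw, so form or session data cannot alter the statement.
// NOTE(review): mysql_real_escape_string() needs the open connection and honours
// the connection charset only if it was set via mysql_set_charset(); presumably
// sqlConnect() handles both. Confirm. ext/mysql no longer exists in PHP 7+;
// prepared statements (mysqli/PDO) are the long-term fix, but they need changes
// to the shared helpers that are not visible in this file.
$userId = mysql_real_escape_string((string) $_SESSION['tmsUserID']);

// Perform Query: the current user's ManagerID
$sqlresult = sqlQuery("select ManagerID from Employee where EmployeeID = '" . $userId . "'");
$result = mysql_result($sqlresult, 0, 0);

// Perform Query: the current user's stored password
// NOTE(review): the password is stored and compared as plaintext. Moving to
// password_hash()/password_verify() has to be coordinated with the login code
// and the existing rows, so it is flagged here rather than changed.
$sqlresult2 = sqlQuery("select EmployeePassword from Employee where EmployeeID = '" . $userId . "'");
$result2 = mysql_result($sqlresult2, 0, 0);

// Managers are the employees whose ManagerID equals their own EmployeeID.
// A failed lookup (false) is rejected explicitly so it can never compare equal
// to a falsy session value under the loose comparison.
if ($result === false || $_SESSION['tmsUserID'] != $result) {
	$_SESSION['errorMessage'] = "Access denied";
	include("error.php");
	exit();
}

// Re-authenticate with the manager's own password. The comparison is strict and
// string-only: a loose != compares numeric-looking strings as numbers, so two
// different strings could be treated as equal, and a missing field could match
// a failed lookup.
// NOTE(review): this branch sets no $_SESSION['errorMessage'], so error.php may
// show whatever message was stored previously. Confirm what error.php displays.
if (!isset($_POST['verPass'])
	|| !is_string($_POST['verPass'])
	|| $result2 === false
	|| $_POST['verPass'] !== (string) $result2
) {
	include("error.php");
	exit();
}

// Checks if the user has entered values in all fields. Non-string values
// (for example array parameters) are treated the same as missing ones.
foreach (array('managerID', 'passWord', 'fName', 'lName', 'verPass') as $field) {
	if (empty($_POST[$field]) || !is_string($_POST[$field])) {
		exit("<p>You must enter values in all fields of the Add Employee form! <br> Click <a href=\"superadmin_setup.php\">here</a> to go back.</p>");
	}
}

$managerId = mysql_real_escape_string($_POST['managerID']);
$password = mysql_real_escape_string($_POST['passWord']);
$firstName = mysql_real_escape_string($_POST['fName']);
$lastName = mysql_real_escape_string($_POST['lName']);

// Refuse the insert when the ID is already in use. "> 0" rather than == "1":
// more than one existing row must also count as a duplicate.
$check = mysql_num_rows(sqlQuery("select ManagerID FROM Employee WHERE ManagerID='" . $managerId . "'"));
if ($check > 0) {
	exit("<font color=red> Manager ID Already Exists. Please click <a href=\"addemployee.php\">here</a> to go back. </font>");
}

// adds employee to database (a manager is their own manager, hence the ID twice)
$sql2 = "INSERT INTO Employee (EmployeeID, EmployeePassword, ManagerID, EmployeeFName, EmployeeLName)
VALUES
('" . $managerId . "','" . $password . "','" . $managerId . "', '" . $firstName . "','" . $lastName . "')";

// NOTE(review): the result of the insert is not inspected, so success is
// reported unless sqlQuery() itself aborts on failure. Confirm in php_includes.php.
sqlQuery($sql2);
echo "Employee added.<br> Click <a href=\"superadmin_setup.php\">here</a> to add another Manager.";

// Close DB (once; the original closed it twice on the success path)
sqlExit();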
?> 

